A passphrase is a secret phrase, ideally randomly generated from a large word list. EG "SportyBoroughSubtitleHandclapMundanePostnasalCladPassableDuvetFootwear" is a passphrase. I generated that from a list of 7776 words, and it has 10 words in it, so it has about 128 bits of entropy.
A keyfile is a file containing a cryptographic key. A cryptographic key (for symmetric encryption, which is the type usually used when dealing with keyfiles) is at least 112 bits of random binary data (usually 128 or 256 bits). It's not text.
Encryption algorithms use keys, not passphrases (or passwords). Some programs will use a "Password Hashing Function" to derive a key from a password, and then use that key to perform encryption or decryption. Programs like Veracrypt actually generate one key randomly, use that key to encrypt the data of interest, and then encrypt the first key with a key derived from the user's passphrase. That lets the user change their passphrase without having to re-encrypt large amounts of data, instead they only have to re-encrypt the first key.
Encryption is at most as strong as the key, or the passphrase used to derive the key. This strength is measured in "bits of entropy" and depends on the length of the key (or passphrase) and the process used to create that key (anything other than uniform random choice lowers the entropy). Zip and Rar can be just as slow to crack as Veracrypt if appropriate versions of the software are used (some old versions didn't use strong encryption methods) and the passphrase is long enough.
Keyfiles containing secret or private should always be kept secret.
One common use of keyfiles is for password managers like KeePassXC and Bitwarden. When they use keyfiles the keyfile is used in addition to the user's passphrase, both are needed to decrypt the password database. The keyfile thus serves as a second factor needed to decrypt the database. The database can be safely synchronized via cloud storage like Dropbox or iCloud, while the keyfile should be transferred between devices only via local means like a USB cable. Without both the keyfile and the passphrase, the database can't be decrypted.
I'm not familiar with EncryptPad, so I can't answer specific questions about it, and questions about particular software are off-topic on this site anyway.